Category Archives: Advisories

Advisories

USN-7272-1: Symfony vulnerabilities

Read Time:1 Minute, 23 Second

Soner Sayakci discovered that Symfony incorrectly handled cookie storage in
the web cache. An attacker could possibly use this issue to obtain
sensitive information and access unauthorized resources. (CVE-2022-24894)

Marco Squarcina discovered that Symfony incorrectly handled the storage of
user session information. An attacker could possibly use this issue to
perform a cross-site request forgery (CSRF) attack. (CVE-2022-24895)

Pierre Rudloff discovered that Symfony incorrectly checked HTML input. An
attacker could possibly use this issue to perform cross site scripting.
(CVE-2023-46734)

Vladimir Dusheyko discovered that Symfony incorrectly sanitized special
input with a PHP directive in URL query strings. An attacker could possibly
use this issue to expose sensitive information or cause a denial of
service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 22.04 LTS.
(CVE-2024-50340)

Oleg Andreyev, Antoine Makdessi, and Moritz Rauch discovered that Symfony
incorrectly handled user authentication. An attacker could possibly use
this issue to access unauthorized resources and expose sensitive
information. This issue was only addressed in Ubuntu 24.04 LTS.
(CVE-2024-50341, CVE-2024-51996)

Linus Karlsson and Chris Smith discovered that Symfony returned internal
host information during host resolution. An attacker could possibly use
this issue to obtain sensitive information. This issue only affected Ubuntu
24.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-50342)

It was discovered that Symfony incorrectly parsed user input through
regular expressions. An attacker could possibly use this issue to expose
sensitive information. (CVE-2024-50343)

Sam Mush discovered that Symfony incorrectly parsed URIs with special
characters. An attacker could possibly use this issue to perform phishing
attacks. (CVE-2024-50345)

Read More

Advisories

openssh-9.6p1-2.fc40

Read Time:14 Second

FEDORA-2025-62f6cb2785

Packages in this update:

openssh-9.6p1-2.fc40

Update description:

Fix missing error codes set and invalid error code checks in OpenSSH. It
prevents memory exhaustion attack and a MITM attack when VerifyHostKeyDNS
is on (CVE-2025-26465, CVE-2025-26466).

Read More

Advisories

USN-7270-1: OpenSSH vulnerabilities

Read Time:26 Second

It was discovered that the OpenSSH client incorrectly handled the
non-default VerifyHostKeyDNS option. If that option were enabled, an
attacker could possibly impersonate a server by completely bypassing the
server identity check. (CVE-2025-26465)

It was discovered that OpenSSH incorrectly handled the transport-level ping
facility. A remote attacker could possibly use this issue to cause OpenSSH
clients and servers to consume resources, leading to a denial of service.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10.
(CVE-2025-26466)

Read More

Advisories

USN-7161-2: Docker vulnerabilities

Read Time:45 Second

USN-7161-1 fixed CVE-2024-29018 in Ubuntu 24.04 LTS. This update fixes it
in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

USN-7161-1 fixed CVE-2024-41110 in Ubuntu 24.10, Ubuntu 24.04 LTS, and
Ubuntu 18.04 LTS. This updates fixes it in Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS.

Original advisory details:

Yair Zak discovered that Docker could unexpectedly forward DNS requests
from internal networks in an unexpected manner. An attacker could possibly
use this issue to exfiltrate data by encoding information in DNS queries
to controlled nameservers. This issue was only addressed in
Ubuntu 24.04 LTS. (CVE-2024-29018)

Cory Snider discovered that Docker did not properly handle authorization
plugin request processing. An attacker could possibly use this issue to
bypass authorization controls by forwarding API requests without their
full body, leading to unauthorized actions. (CVE-2024-41110)

Read More